chore: align data fetch on stocks (#29795)

<!--
Please submit this PR as a draft initially.

Do not mark it as "Ready for review" until this PR meets the canonical
Definition of Ready For Review in `docs/readme/ready-for-review.md`.

In short: the template must be materially complete (not just section
titles
present), all status checks must be currently passing, and the only
expected
follow-up commits must be reviewer-driven.
-->

## **Description**

The `useStocksFeed` hook was passing `chainIds: ['eip155:1']` to
`useRwaTokens` when no search query was active, restricting the API
fetch to Ethereum mainnet only. The `RWATokensFullView` (full-screen
Stocks view) fetches from all RWA-supported chains (Ethereum + BNB
Chain) by default.

This mismatch caused the two views to operate on different datasets,
leading to inconsistent sort order: tokens available on BNB Chain (e.g.
Cipher Mining Ondo Tokenized) appeared at the top of the full-screen
view due to a higher 24h price change, but were completely absent from
the section widget, making a lower-ranked Ethereum token incorrectly
appear first there.

The fix removes the `chainIds` override from `useStocksFeed` so it
fetches the same combined dataset as the full-screen view. A client-side
filter is then applied to return only Ethereum mainnet tokens to the
section, preserving the intended display scope while correctly
reflecting the global sort order.

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: align data fetch on stocks

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/ASSETS-3149

## **Manual testing steps**

```gherkin
Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]
```

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

<!--
Every checklist item must be consciously assessed before marking this PR
as
"Ready for review". A checked box means you deliberately considered that
responsibility, not that you literally performed every action listed.

Unchecked boxes are ambiguous: they are not an implicit "N/A" and they
are not
a silent "skip". See `docs/readme/ready-for-review.md` for the full
checklist
semantics.
-->

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I've included tests if applicable
- [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

#### Performance checks (if applicable)

- [ ] I've tested on Android
  - Ideally on a mid-range device; emulator is acceptable
- [ ] I've tested with a power user scenario
- Use these [power-user
SRPs](https://consensyssoftware.atlassian.net/wiki/spaces/TL1/pages/edit-v2/401401446401?draftShareId=9d77e1e1-4bdc-4be1-9ebb-ccd916988d93)
to import wallets with many accounts and tokens
- [ ] I've instrumented key operations with Sentry traces for production
performance metrics
- See [`trace()`](/app/util/trace.ts) for usage and
[`addToken`](/app/components/Views/AddAsset/components/AddCustomToken/AddCustomToken.tsx#L274)
for an example

For performance guidelines and tooling, see the [Performance
Guide](https://consensyssoftware.atlassian.net/wiki/spaces/TL1/pages/400085549067/Performance+Guide+for+Engineers).

## **Pre-merge reviewer checklist**

<!--
Reviewer checklist items follow the same semantics as the author
checklist: an
unchecked box is ambiguous, a checked box means the reviewer consciously
assessed that responsibility. See `docs/readme/ready-for-review.md`.
-->

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Moderate UI/data behavior change: alters what assets appear in
Trending sections by shifting RWA chain filtering client-side and
optionally hiding risky tokens, which could affect ordering/visibility
but not security-critical flows.
> 
> **Overview**
> Aligns the Trending *Stocks* section with the full RWA dataset by
removing the `chainIds` constraint from the `useRwaTokens` request and
instead filtering to Ethereum mainnet locally (by `assetId` CAIP prefix)
to avoid cache divergence and inconsistent sorting.
> 
> Adds an optional `hideRiskyTokens` flag to `useTokensFeed` to filter
out tokens marked `Warning`, `Spam`, or `Malicious` (keeping `Verified`,
`Benign`, and unscanned), enables it for the *Crypto movers* pills in
`NowTab`, and extends unit tests to cover the new filtering behavior.
> 
> Updates English strings so the RWA perps section/pill labels display
"Perps" instead of "Markets"/"Stocks & commodities".
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
ed1be03. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Author: juanmigdr

app/components/Views/TrendingView/feeds/stocks/useStocksFeed.ts

@@ -1,8 +1,11 @@
+import { useMemo } from 'react';
 import type { TrendingAsset } from '@metamask/assets-controllers';
 import { useRwaTokens } from '../../../../UI/Trending/hooks/useRwaTokens/useRwaTokens';
 import { useFeedRefresh } from '../../hooks/useFeedRefresh';
 import type { RefreshConfig } from '../../hooks/useExploreRefresh';
 
+const ETHEREUM_CAIP_CHAIN_ID = 'eip155:1/';
+
 interface UseStocksFeedOptions {
   query?: string;
   refresh?: RefreshConfig;
@@ -14,17 +17,24 @@ export interface UseStocksFeedResult {
   refetch: () => Promise<void>;
 }
 
-/** Tokenized stocks (RWAs on Ethereum mainnet). */
+/** Tokenized stocks (RWAs). Only Ethereum mainnet tokens are shown in the section. */
 export const useStocksFeed = ({
   query,
   refresh,
 }: UseStocksFeedOptions = {}): UseStocksFeedResult => {
   const { data, isLoading, refetch } = useRwaTokens({
     searchQuery: query,
-    ...(query ? {} : { chainIds: ['eip155:1'] }),
   });
 
+  // Keep mainnet filtering here (not in the request) so all surfaces share the same
+  // RWA cache (server-side); chain-specific params would split the cache and diverge from the main feed.
+  const ethereumData = useMemo(
+    () =>
+      data.filter((asset) => asset.assetId.startsWith(ETHEREUM_CAIP_CHAIN_ID)),
+    [data],
+  );
+
   useFeedRefresh(refresh, refetch);
 
-  return { data, isLoading, refetch };
+  return { data: ethereumData, isLoading, refetch };
 };

app/components/Views/TrendingView/feeds/tokens/useTokensFeed.test.ts

@@ -84,4 +84,125 @@ describe('useTokensFeed', () => {
       enableDebounce: false,
     });
   });
+
+  describe('hideRiskyTokens', () => {
+    const tokensWithSecurity = [
+      {
+        assetId: 'eip155:1/erc20:0x1',
+        symbol: 'VER',
+        name: 'Verified Token',
+        marketCap: 900,
+        securityData: { resultType: 'Verified' },
+      },
+      {
+        assetId: 'eip155:1/erc20:0x2',
+        symbol: 'BEN',
+        name: 'Benign Token',
+        marketCap: 800,
+        securityData: { resultType: 'Benign' },
+      },
+      {
+        assetId: 'eip155:1/erc20:0x3',
+        symbol: 'WRN',
+        name: 'Warning Token',
+        marketCap: 700,
+        securityData: { resultType: 'Warning' },
+      },
+      {
+        assetId: 'eip155:1/erc20:0x4',
+        symbol: 'SPM',
+        name: 'Spam Token',
+        marketCap: 600,
+        securityData: { resultType: 'Spam' },
+      },
+      {
+        assetId: 'eip155:1/erc20:0x5',
+        symbol: 'MAL',
+        name: 'Malicious Token',
+        marketCap: 500,
+        securityData: { resultType: 'Malicious' },
+      },
+      {
+        assetId: 'eip155:1/erc20:0x6',
+        symbol: 'UNS',
+        name: 'Unscanned Token',
+        marketCap: 400,
+      },
+    ] as unknown as TrendingAsset[];
+
+    beforeEach(() => {
+      mockUseTrendingSearch.mockReturnValue({
+        data: tokensWithSecurity,
+        isLoading: false,
+        refetch: mockRefetch,
+      });
+    });
+
+    it('returns all tokens when hideRiskyTokens is false (default)', () => {
+      const { result } = renderHook(() => useTokensFeed());
+
+      expect(result.current.data.map((t) => t.symbol)).toEqual([
+        'VER',
+        'BEN',
+        'WRN',
+        'SPM',
+        'MAL',
+        'UNS',
+      ]);
+    });
+
+    it('keeps only Verified, Benign, and unscanned tokens when hideRiskyTokens is true', () => {
+      const { result } = renderHook(() =>
+        useTokensFeed({ hideRiskyTokens: true }),
+      );
+
+      expect(result.current.data.map((t) => t.symbol)).toEqual([
+        'VER',
+        'BEN',
+        'UNS',
+      ]);
+    });
+
+    it('removes Warning tokens', () => {
+      mockUseTrendingSearch.mockReturnValue({
+        data: [tokensWithSecurity[2]],
+        isLoading: false,
+        refetch: mockRefetch,
+      });
+
+      const { result } = renderHook(() =>
+        useTokensFeed({ hideRiskyTokens: true }),
+      );
+
+      expect(result.current.data).toHaveLength(0);
+    });
+
+    it('removes Spam tokens', () => {
+      mockUseTrendingSearch.mockReturnValue({
+        data: [tokensWithSecurity[3]],
+        isLoading: false,
+        refetch: mockRefetch,
+      });
+
+      const { result } = renderHook(() =>
+        useTokensFeed({ hideRiskyTokens: true }),
+      );
+
+      expect(result.current.data).toHaveLength(0);
+    });
+
+    it('removes Malicious tokens', () => {
+      mockUseTrendingSearch.mockReturnValue({
+        data: [tokensWithSecurity[4]],
+        isLoading: false,
+        refetch: mockRefetch,
+      });
+
+      const { result } = renderHook(() =>
+        useTokensFeed({ hideRiskyTokens: true }),
+      );
+
+      expect(result.current.data).toHaveLength(0);
+    });
+  });
 });

app/components/Views/TrendingView/feeds/tokens/useTokensFeed.ts

@@ -9,6 +9,11 @@ interface UseTokensFeedOptions {
   /** Search query; when present, results are sorted by market cap descending. */
   query?: string;
   refresh?: RefreshConfig;
+  /**
+   * When true, only Verified and Benign tokens (or unscanned ones) are shown.
+   * Use for surfaces that don't display a security badge.
+   */
+  hideRiskyTokens?: boolean;
 }
 
 export interface UseTokensFeedResult {
@@ -21,6 +26,7 @@ export interface UseTokensFeedResult {
 export const useTokensFeed = ({
   query,
   refresh,
+  hideRiskyTokens = false,
 }: UseTokensFeedOptions = {}): UseTokensFeedResult => {
   const { data, isLoading, refetch } = useTrendingSearch({
     searchQuery: query,
@@ -29,16 +35,23 @@ export const useTokensFeed = ({
 
   useFeedRefresh(refresh, refetch);
 
-  const filteredData = useMemo(
-    () =>
-      fuseSearch(
-        data,
-        query,
-        TOKEN_FUSE_OPTIONS,
-        (a, b) => (b.marketCap ?? 0) - (a.marketCap ?? 0),
-      ),
-    [data, query],
-  );
+  const filteredData = useMemo(() => {
+    const searched = fuseSearch(
+      data,
+      query,
+      TOKEN_FUSE_OPTIONS,
+      (a, b) => (b.marketCap ?? 0) - (a.marketCap ?? 0),
+    );
+
+    if (!hideRiskyTokens) return searched;
+
+    return searched.filter(({ securityData }) => {
+      const { resultType } = securityData ?? {};
+      return (
+        !resultType || resultType === 'Verified' || resultType === 'Benign'
+      );
+    });
+  }, [data, query, hideRiskyTokens]);
 
   return { data: filteredData, isLoading, refetch };
 };

app/components/Views/TrendingView/tabs/NowTab.tsx

@@ -104,7 +104,7 @@ const NowTab: React.FC<TabProps> = ({ refresh, refreshing, onRefresh }) => {
   }, [refresh.trigger]);
 
   const predictions = usePredictionsFeed({ refresh });
-  const cryptoMovers = useTokensFeed({ refresh });
+  const cryptoMovers = useTokensFeed({ refresh, hideRiskyTokens: true });
   const stocks = useStocksFeed({ refresh });
 
   const renderPredictionItem: ListRenderItem<PredictMarketType> = useCallback(

locales/languages/en.json

@@ -8847,8 +8847,8 @@
     "search_placeholder": "Search tokens, sites, URLs",
     "cancel": "Cancel",
     "perps": "Perps",
-    "rwa_perps_section": "Markets",
-    "macro_stocks_commodity_perps": "Stocks & commodities",
+    "rwa_perps_section": "Perps",
+    "macro_stocks_commodity_perps": "Perps",
     "macro_pill_stocks": "Stocks",
     "macro_pill_commodities": "Commodities",
     "rwa_pill_commodities": "Commodities",